Details
-
Bug
-
Resolution: Done-Errata
-
Major
-
4.14
-
None
-
Important
-
No
-
Proposed
-
False
-
Description
Description of problem:
Secrets generated by CCO in STS mode is different than the one created by ccoctl on cmdline.
ccoctl generates:
[default] sts_regional_endpoints = regional role_arn = arn:aws:iam::269733383066:role/jsafrane-1-5h8rm-openshift-cluster-csi-drivers-aws-efs-cloud-cre web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
CCO generates:
sts_regional_endpoints = regional
role_arn = arn:aws:iam::269733383066:role/jsafrane-1-5h8rm-openshift-cluster-csi-drivers-aws-efs-cloud-cre
web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
IMO these two should be the same. AWS EFS CSI driver does not work without "[default]" at the beginning.
Version-Release number of selected component (if applicable):
4.14.0-0.nightly-2023-07-11-092038
How reproducible:
Always
Steps to Reproduce:
1. Create a Manual mode, STS cluster in AWS. 2. Create a CredentialsRequest which provides .spec.cloudTokenPath and .spec.providerSpec.stsIAMRoleARN. 3. Observe that secret is created by CCO in the target namespace specified by the CredentialsRequest.
Actual results:
The secrets does not have [default] in the `data` content.
Expected results:
Attachments
Issue Links
- blocks
-
STOR-1376 Implement STS in AWS EFS CSI driver operator
-
- Closed
-
- links to
-
RHEA-2023:5006
rpm
